CISSP as a first security Cert?

sleemie

I'm thinking of going for my CISSP...I've got the MCSE+I and I'll be getting my CCNA in a few months. The question I have since it's such an involved test, is it practical to have that be your first security certification? I was thinking of going for the security +, but my job is only going to send me to one class and I figure if I have to choose between the two I should go for the CISSP class and then go for the cert.

seuss_ssues

Anything is always possible.

However unless you have extensive expereience with all the 10 CBKs then its going to be a tough exam for you. Just taking a class will not prepare you enough for the exam. Additionally you may want to check and ensure that you meet the ISC requirements to get your CISSP.

But dont let that detur you.....its possible

keatron

How much security experience do you have?

ESOK

I think your odds are low for being able to pass the CISSP without a lot of security experience and/or some other security certs under your belt. Plus they have a 3 years in security requirement ( 4 years if you don't have college ).

If you can choose only 1 security cert, but want one that people can easily recognize than maybe you should go for the CEH. But the CEH, has a 2 years in the security field requirement.

If you don't meet the experience requirement than there is nothing wrong with getting the Security+ (I have it) and then focusing on the MCSA: Security or MSCE: Security cert.

sleemie

So the test is not just about learning information?

Could you give me an example of something that I couldn't know without having experience that would be on the test? Like for my ccna exam if I'd never put my hand on a router or simulation program I couldn't have passed that test, but to my understanding the CISSP is pretty much straight information, stuff that can be learned from a book, albeit a whole lot of stuff.

I'm also wondering if it would even be worthwhile for someone like me to have. The site says it's for mid to upper level managers. I'm not even a lower level manager, in fact I'm at the bottom of the totem poll in my office as i'm the lowest graded network administrator in the group.

The reason I'm considering the certification is for career advancement and marketability should I ever decide to look for another job. Also to add more under my belt in my job and make it more interesting. I want to remain a techy type, though, and not end up being a report writer.

keatron

seuss_ssues wrote:

Anything is always possible.

However unless you have extensive expereience with all the 10 CBKs then its going to be a tough exam for you. Just taking a class will not prepare you enough for the exam. Additionally you may want to check and ensure that you meet the ISC requirements to get your CISSP.

But dont let that detur you.....its possible

It's not true that you need extensive experience in ALL of the CBK Domains, but you do need to have extensive experience in a some of them.

Non-Profit Techie

keatron wrote:

seuss_ssues wrote:

Anything is always possible.

However unless you have extensive expereience with all the 10 CBKs then its going to be a tough exam for you. Just taking a class will not prepare you enough for the exam. Additionally you may want to check and ensure that you meet the ISC requirements to get your CISSP.

But dont let that detur you.....its possible

It's not true that you need extensive experience in ALL of the CBK Domains, but you do need to have extensive experience in a some of them.

In what way do you need extensive experience? Does this test ask you questions that only a person who has run into such problems would know the answer to? or is there some sort of simulation questions? Is it possible to pass this test on reading about the domains from multiple books? is the accociate test different?
thanks

Webmaster

I think Keatron meant the same as you did in:
"However unless you have extensive experience with all the 10 CBKs"
I.e. 'some' experience in all the domains won't likely be enough for the 3-4 years required experience, but extensive experience in some of the domains can. Extensive as in duration and in depth.

Does this test ask you questions that only a person who has run into such problems would know the answer to?

I think the CISSP on of the best, perhaps 'the' best example of a certification you won't be able to pass from 'a' book alone, if you don't have the experience.

or is there some sort of simulation questions?

The test is a written test, i.e. you need to mark answers on a piece of paper. So since it's not computer-based it doesn't contain sims or other interactive type of questions.

Is it possible to pass this test on reading about the domains from multiple books?

I see no reason why it wouldn't be possible. Especially when you also include non-CISSP books (ie. general books on cryptography, BCP, DR, etc.etc.). There's not much else you can do, the CISSP is primarily theory and concepts (about practical topics as well).

is the accociate test different?

Not the test is the same. ISC2 explicitely mentions on their website several times, there's an essential difference betweent the CISSP test and the CISSP cert. Anyone can sit for the exam, but those without the experience don't get the CISSP cert. Even though you have to select the Associate option when registering for the CISSP exam, the eventual exam 'is' a CISSP exam, simply because it 'can' lead to the CISSP cert once you do have the experience, for which you have 2.5 years (not sure I read that online or someone from ISC2 UKtold me) to get it after you passed the ISC2 associate. If you don't expect to gain the remaining experience within 2.5 years, you should consider the SSCP instead.

Good luck whatever you decide to do!

Non-Profit Techie

thanks for all the info. actually my department just got a shipment of books we ordered including CISSP for Dummies. I have been reading since I got out of work today. Its pretty interesting. The Sec+ i ordered didnt show up yet so i figured what the heck and started to read this until it arrives. It does go over all the info you just provided me. I found it pretty interesting what this organization is trying to do. I may head down this route one day when i feel i can meet all those requirements. I could probably get the office to pay for those review seminars that are mentioned in the book, someday.

So far the book is pretty informative for someone like me who is studying sec+ and wondering about future security exams. Hopefully I can finish it before the holiday so i can read the sybex book on sec+ to finish up my study for that exam. Im sure the CISSP for dummies wont hurt my sec+ studies

Thanks for all the great info guys!

keatron

Thanks for summing this up for Johan. I will point out that the fact that you register as a Associate for the exam indeed has nothing to do with the exam content, it's the same. This registration designation is simply something used for internal controls and statistics.

Keatron.